Disable USB Data Transfer
Datalogic Integrity Kit provides a mechanism to partially or completely disable the USB data transfer, which can prevent attackers from using the USB interface to gain unauthorized access to the device's data or functionality. One scenario where USB data transfer could be exploited is through the use of malicious USB devices. An attacker could create a malicious USB device that, when plugged into the device, could execute commands to steal data, modify firmware or software, or install malware. With Datalogic Disable USB Data Transfer mitigation strategy, the risk of such an attack is greatly reduced.
USB can be disabled on the host side, the client side, or both at the same time. Disabling it on the host side will cause peripherals connected to the device to not work, except for any whitelisted inclusions [link a whitelisting]. Disabling it on the client side (when it is functioning as a peripheral) will cause the device to not be seen by the device to which it is connected. Also, for some devices, it is possible to disable the connection while keeping the load active when acting as a host. Sometimes it is necessary to disconnect the cable or the peripheral for the changes to take effect. The levels of disabling are summarized in the table below.
Configuration Manager
import com.datalogic.device.configuration.ConfigurationManager;
import com.datalogic.device.configuration.Property;
import com.datalogic.device.configuration.PropertyID;
import com.datalogic.device.configuration.BooleanProperty;
ConfigurationManager cm = new ConfigurationManager(context);
Property<Boolean> property;
// Enable or disable the whole USB data
property = (BooleanProperty)cm.getPropertyById(PropertyID.USB_DATA);
property.set(enable);
// Enable or disable USB data by host side
property = (BooleanProperty)cm.getPropertyById(PropertyID.USB_HOST_DATA);
property.set(enable);
// Enable or disable USB data by client side
property = (BooleanProperty)cm.getPropertyById(PropertyID.USB_CLIENT_DATA);
property.set(enable);
cm.commit();
Android Intent
import com.datalogic.device.configuration.PropertyID;
Intent intent = new Intent(Intents.ACTION_CONFIGURATION_COMMIT);
HashMap<Integer, String> map = new HashMap<>();
// Enable or disable the whole USB data
map.put(PropertyID.USB_DATA, enable ? "1" : "0");
// Enable or disable USB data by host side
map.put(PropertyID.USB_HOST_DATA, enable ? "1" : "0");
// Enable or disable USB data by client side
map.put(PropertyID.USB_CLIENT_DATA, enable ? "1" : "0");
intent.putExtra(Intents.EXTRA_CONFIGURATION_CHANGED_MAP, map);
context.sendBroadcast(intent);
To disable USB data transfer through the Datalogic SDK on JT22 use the following code snippet:
import com.datalogic.device.configuration.ConfigurationManager;
import com.datalogic.device.configuration.PropertyID;
ConfigurationManager cm = new ConfigurationManager(aContext);
cm.getPropertyById(PropertyID.USB_DATA).set(true); //or .set(false);
cm.commit();
Shell Intent
Enable the Whole USB Data
adb shell am broadcast -a com.datalogic.device.intent.action.configuration.COMMIT
--es com.datalogic.device.intent.extra.configuration.CHANGED_MAP 'USB_DATA=1'
Enable the USB Data by Host Side
adb shell am broadcast -a com.datalogic.device.intent.action.configuration.COMMIT
--es com.datalogic.device.intent.extra.configuration.CHANGED_MAP 'USB_HOST_DATA=1'
Enable the USB Data by Client
adb shell am broadcast -a com.datalogic.device.intent.action.configuration.COMMIT
--es com.datalogic.device.intent.extra.configuration.CHANGED_MAP 'USB_CLIENT_DATA=0'
To disable USB data transfer through the Datalogic SDK on Memor 10 and Memor 11 using the following intent:
Intent action:
com.datalogic.extension.selfshopping.configuration.USB_ENABLE
Intent extra: value, type int
0: disable all (USB data/chare)
1: enable all (USB data/chare)
2: enable USB data only
3: enable USB charge only
Sample code:
int usbEnabled = 1;
Intent intent = new Intent();
intent.setAction("com.datalogic.extension.selfshopping.configuration.USB_ENABLE");
intent.putExtra("value", usbEnabled);
sendBroadcast(intent);
The following table shows which devices support this feature:
| DEVICE | USB_DATA | USB_CLIENT_DATA | USB_HOST_DATA |
|---|---|---|---|
| Memor 30/35 | ❌ | ✔️ | ✔️ |
| Memor 11 | ✔️** | ❌ | ❌ |
| Memor 10 | ✔️** | ❌ | ❌ |
| Joya Touch 22 | ✔️ | ❌ | ❌ |
| Joya Touch A6 | ❌ | ❌ | ❌ |
| Memor 20 | ❌ | ❌ | ❌ |
| Skorpio X5 | ❌ | ❌ | ❌ |
| Memor K | ❌ | ❌ | ❌ |